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This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of Claims: 

1 . (Currently amended) A method for maintaining the security of a secured 
execution environment on a system comprising said secured execution environment and a 
second execution enviroimient, comprising: 

accepting user input from a trusted input device; 

determining whether said secured execution environment is in a standard input mode; 

if said secured execution environment is in a standard input mode, transferring at least 
a first portion of said user input to said second execution environment; 

determining whether said user inout compri ses a user NTM indication that saiH 
secured execution env ironment should be in a nexus input mndR; and 

if said user input comprises said user NIM indication and said secured exenitinn 
environment is not in said nexus input mod e, switching said secured execution environment 
to said nexus input mode, said user NIM indicat i on being the only wav to initiate a tran«itm» 
from said standard input mode to said secure e xecution envirnmnent. there being at least two 
ways to transition from said secured execut i on environment to said standard input mode at 
least one of which is not a symmetrical cnn n teroait of said user NIM indication 

2. (Original) The method of claim 1 , fiirther comprising: 
decrypting said user input. 

3 . (Original) The method of claim 1 , fiirther comprising: 

if said secured execution environment is in a nexus input mode, determining a specific 
process running in said secured execution environment to which said user input is directed; 
and 

directing said user input to said specific process. 

4. (Canceled). 
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5. (Currently amended) The method of claim [[4]] i, where said user NIM 
indication comprises a combination of keystrokes on a keyboard. 

6. (Currently amended) The method of claim [[4]] 1, where said user NIM 
indication comprises a programmatic activation of a process running in said secured 



7. (Onginal) The method of claim 6, where said programmatic activation of a 
first process running in said secured execution environment comprises selecting a graphical 
user interface element corresponding to said process. 

8. (Original) The method of claim 7, where said graphical user interface element 
is a shadow graphical user interface element displayed using a second process, where said 
process is running on said second execution environment, and where said shadow graphical 
user interface element corresponds to a secured graphical user interface element displayed by 
said first process. 



9. (Original) The method of claim 1 , further comprising: 

determining whether said user input comprises a user SIM indication that said secured 
execution environment should be in said standard input mode; and 

if said user input comprises said user SIM indication and said secured execution 
environment is not in said standard input mode, switching said secured execution 
environment to said standard input mode. 

10. (Original) The method of claim 9, where said user SIM indication comprises a 
combination of keystrokes on a keyboard. 

1 1 . (Original) The method of claim 9, where said user SIM indication comprises 
an action which results in a display with no graphical user interface element which 
corresponds to a process running on said secured execution environment. 
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12. (Currently amended) The method of claim 1, where [[a]] if said secured 
execution environment is in a standard input mode, and a second portion of said user input 
corresponds to changes to a graphical user interface element displayed by a process running 
on said secured execution environment, said changes to said graphical user interface element 
are performed within said secured execution environment. 

1 3 (Original) The method of claim 1 2, where said changes to a graphical user 
interface element displayed by a process running on said secured execution environment 
comprise the movement of a mouse cursor over a graphical user interface element displayed 
by a process running on said secured execution environment. 

1 4. (Original) The method of claim 1 , further comprising: 

switching said secured execution environment to a nexus input mode if a power 
management change is detected. 

1 5 . (Currently amended) A computer-readable medium containing computer 
executable instructions to maintain the security of a secured execution environment on a 
system comprising said secured execution environment and a second execution environment, 
the computer-executable instructions to perfonn acts comprising: 

accepting user input from a trusted input device; 

determining whether said secured execution environment is in a standard mput mode; 

if said secured execution environment is in a standard input mode, transfeixing at least 
a first portion of said user input to said second execution environment; 

determining whether said user input comp ri.ses a user NIM indication that said 
secured execution environm ent should he in a nexus innut mod,.; anH 

if said user input comprises said user NIM indication and said secured execution 
environment is not in said nexus input mode s witching said secured execution environment 
t o said nexus input mode, there being at least t.v o ways to transition from said secured 
execution environment to said standard mmn mo d e at least one of which is not a svmmPtnV.l 
counterpa rt of said user NIM indication 
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16. (Original) The computer-readable medium of claim 15, wherein the 
computer-executable instructions are adapted to perform acts fixrther comprising: 

decrypting said user input. 

17. (Original) The computer-readable medium of claim 15, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 

if said secured execution environment is in a nexus input mode, determining a specific 
process running in said secured execution environment to which said user input is directed; 
and 

directing said user input to said specific process. 



18. (Canceled). 



19. (Currently amended) The computer-readable medium of claim [[18]] 15, 
where said user NIM indication comprises a combination of keystrokes on a keyboard. 

20 . (C urrently amended) The computer-readable medium of claim [[ 1 8]] 15, 
where said user NIM indication comprises a programmatic activation of a process running ii 
said secured execution environment. 



2 1 . (Original) The computer-readable medium of claim 20, where said 
programmatic activation of a first process running in said secured execution environment 
comprises selecting a graphical user interface element corresponding to said process. 

22. (Currently amended) The computer-readable medium of claim [[ 1 5]] 21, 
where said graphical user interface element is a shadow graphical user interface element 
displayed using a second process, where said process is nmning on said second execution 
environment, and where said shadow graphical user interface element corresponds to a 
secured graphical user interface element displayed by said first process. 
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23. (Original) The computer-readable medium of claim 1 5, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 

determining whether said user input comprises a user SIM indication that said secured 
execution environment should be in said standard input mode; and 

if said user input comprises said user SIM indication and said secured execution 
environment is not in said standard input mode, switching said secured execution 
environment to said standard input mode. 

24. (Original) The computer-readable medium of claim 23, where said user SIM 
indication comprises a combination of keystrokes on a keyboard. 

25. (Original) The computer-readable medium of claim 23, where said user SIM 
indication comprises an action which results in a display with no graphical user interface 
element which corresponds to a process running on said secured execution environment. 

26. (Original) The computer-readable medium of claim 1 5, where a if said secured 
execution environment is in a standard input mode, and a second portion of said user input 
corresponds to changes to a graphical user interface element displayed by a process running 
on said secured execution environment, said changes to said graphical user interface element 
are performed within said secured execution environment. 

27. (Original) The computer-readable medium of claim 26, where said changes to 
a graphical user interface element displayed by a process running on said secured execution 
environment comprise the movement of a mouse cursor over a graphical user interface 
element displayed by a process running on said secured execution environment. 

28. (Original) The computer-readable medium of claim 1 5, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 

switching said secured execution environment to a nexus input mode if a power 
management change is detected. 
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29. (Currently amended) A trusted user interface engine for use in a computer 
system comprising a secured execution environment and a second execution environment, 
said trusted user interface engine comprising: 

an input stack for accepting user input; and 

a trusted input manager for determining whether said secured execution 
environment is in a standard input mode; and for directing at least a first portion of said user 
input to said second execution environment if said secured execution environment is in a 
standard input mode^ 

where said trusted input manager determin e s whether said user innut comprises a user NTM 
indication that said secured execution envir o nment should be in a nexus input mode: and if 
said user input comprises said user NIM indic a tion and said secured execution environment is 
not in said nexus input mode, switching said s e cured execution environment to said n^vns 
mput mode, there being at least two wavs to transition from said secured execntinn 
environment to said standard input mode at least one of which is not a symmetrical 
counterpart of said user NIM indication . 

30. (Original) The trusted user interface engine of claim 29, where said trusted 
input manager, if said secured execution environment is in a nexus input mode, determines a 
specific process running in said secured execution environment to which said user input is 
directed; and directs said user input to said specific process. 

31. (Canceled). 

32. (Currently amended) The trusted user interface engine of claim [[3 1 ]] 29, 
where said user NIM indication comprises a combination of keystrokes on a keyboard. 

33. (Currently amended) The trusted user interface engine of claim [[31]] 29, 
where said user MM indication comprises a programmatic activation of a process running in 
said secured execution environment. 
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34. (Original) The trusted user interface engine of claim 33 , where said 
programmatic activation of a first process running in said secured execution environment 
comprises selecting a graphical user interface element corresponding to said process. 

35 . (Original) The trusted user interface engine of claim 34, where said graphical 
user interface element is a shadow graphical user interface element displayed using a second 
process, where said process is running on said second execution environment, and where said 
shadow graphical user interface element corresponds to a secured graphical user interface 
element displayed by said first process. 

36. (Original) The trusted user interface engine of claim 29, where said trusted 
mput manager determines whether said user input comprises a user SIM indication that said 
secured execution environment should be in said standard input mode; and if said user input 
comprises said user SIM indication and said secured execution environment is not in said 
standard input mode, switches said secured execution environment to said standard input 
mode. 



37. (Original) The trusted user interface engine of claim 36, where said user SIM 
indication comprises a combination of keystrokes on a keyboard. 

38. (Original) The trusted user interface engine of claim 36, where said user SIM 
indication comprises an action which results in a display with no graphical user interface 
element which corresponds to a process running on said secured execution environment. 

39. (Original) The trusted user interface engine of claim 29, where a if said 
secured execution environment is in a standard input mode, and a second portion of said user 
input corresponds to changes to a graphical user interface element displayed by a process 
running on said secured execution environment, said changes to said graphical user interface 
element are performed within said secured execution environment. 
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40. (Original) The trusted user interface engine of claim 39, where said changes to 
a graphical user interface element displayed by a process running on said secured execution 
environment comprise the movement of a mouse cursor over a graphical user interface 
element displayed by a process running on said secured execution environment. 

4 1 . (Original) The trusted user interface engine of claim 29, where said trusted 
input manager switches said secured execution environment to a nexus input mode if a power 
management change is detected. 



42. (Original) A method for maintaining the security of a secured execution 
environment on a system comprising said secured execution environment and a second 
execution environment, comprising: 

maintaining a current state for said secured execution environment selected from 
among a group of possible states comprising: a standard input mode state and a nexus input 
mode state; 

directing a flow of user input according to said current state. 

43 . (Original) The method of claim 42, further comprising: 

limiting a transfer of said user input to said second execution environment when said 
current state is said nexus input mode state. 

44. (Currently amended) A computer-readable medium containing computer 
executable instructions to maintain the security of a secured execution environment on a 
system comprising said secured execution environment and a second execution environment, 
the computer-executable instructions to perform acts comprising: 

maintaining a current state for said secured execution environment selected from 
among a group of possible states comprising: a standard input mode state and a nexus input 
mode state; 

directing a flow of user input according to said current state^ 
wherein a user input sequence comprise s a user NIM indication that causes said state to 
fransition from a standard input mode t o a nexus innut mode, there being at lea.st two wavs to 
Page 9 of 13 



DOCKET NO.: MSFT-28 18/305956.01 

Application No.: 10/693,061 

Office Action Dated: January 26, 2007 



PATENT 



transition from said nexus innut mod e to said standard int)ut mode at least one of which is not 
a symmetrical counterpart of said user NIM indication . 

45 . (Original) The computer-readable medium of claim 44, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 

limiting a transfer of said user input to said second execution environment when said 
current state is said nexus input mode state. 
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